9391 matches found
Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-098 (ALASECS-2026-098)
The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-098 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary...
Amazon Linux 2 : python, --advisory ALAS2-2026-3185 (ALAS-2026-3185)
The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3185 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be...
Amazon Linux 2 : qemu, --advisory ALAS2-2026-3182 (ALAS-2026-3182)
The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3182 advisory. A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a...
Amazon Linux 2 : libpng, --advisory ALAS2-2026-3189 (ALAS-2026-3189)
The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3189 advisory. libpng: An out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogra...
Amazon Linux 2023 : libpng, libpng-devel, libpng-static (ALAS2023-2026-1463)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1463 advisory. libpng: An out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maxim...
Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1464)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1464 advisory. node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. Th...
Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3177 (ALAS-2026-3177)
The version of thunderbird installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3177 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type...
Amazon Linux 2 : gegl, --advisory ALAS2-2026-3183 (ALAS-2026-3183)
The version of gegl installed on the remote host is prior to 0.2.0-19. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3183 advisory. The rgbereadnewrle function in gegl/libs/rgbe/rgbe.c has a heap buffer overflow vulnerability during HDR image parsing that...
Amazon Linux 2023 : python3-pillow, python3-pillow-devel, python3-pillow-tk (ALAS2023-2026-1452)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1452 advisory. Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1. CVE-2026-2599...
Amazon Linux 2023 : firefox (ALAS2023-2026-1445)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1445 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack...
Medium: ecs-init
Issue Overview: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content. CVE-2025-47911 The html.Parse function in golang.org/x/net/html has an...
Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2026-1458)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1458 advisory. Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of...
Amazon Linux 2023 : nodejs24, nodejs24-devel, nodejs24-full-i18n (ALAS2023-2026-1466)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1466 advisory. node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. Th...
Amazon Linux 2 : runc, --advisory ALAS2ECS-2026-099 (ALASECS-2026-099)
The version of runc installed on the remote host is prior to 1.3.4-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-099 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP...
Amazon Linux 2 : evolution-data-server, --advisory ALAS2-2026-3179 (ALAS-2026-3179)
The version of evolution-data-server installed on the remote host is prior to 3.28.5-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3179 advisory. The Evolution backend server exposes the D-Bus service org.gnome.evolution.dataserver.AddressBook, that can be used ...
Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-053 (ALASFIREFOX-2026-053)
The version of firefox installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-053 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. Th...
Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3190 (ALAS-2026-3190)
The version of thunderbird installed on the remote host is prior to 140.7.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3190 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This...
Amazon Linux 2023 : cuda-toolkit-13 (ALAS2023NVIDIA-2026-276)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023NVIDIA-2026-276 advisory. NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if...
Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL14-2026-022 (ALASPOSTGRESQL14-2026-022)
The version of postgresql installed on the remote host is prior to 14.21-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2026-022 advisory. Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server...
Amazon Linux 2 : qt5-qt3d, --advisory ALAS2-2026-3187 (ALAS-2026-3187)
The version of qt5-qt3d installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3187 advisory. A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the functi...